SecurityProNews https://www.webpronews.com/technology/securitypronews/ | Breaking News in Tech, Search, Social, & Business | Thu, 02 May 2024 21:16:20 +0000

April Windows Update Is Interfering With VPN Connections
https://www.webpronews.com/april-windows-update-is-interfering-with-vpn-connections/ | Thu, 02 May 2024 21:16:15 +0000

Microsoft is warning that some users are experiencing problems connecting to VPN services after the April security update (KB5036893).

Users began having issues after applying the latest update, and Microsoft has confirmed the issue. The company says the April security updates appear to be the problem, and it is working on a solution.

Windows devices might face VPN connection failures after installing the April 2024 security update (KB5036893) or the April 2024 non-security preview update.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

The issue appears to be widespread, affecting virtually all of Microsoft’s supported client and server lineup.

Client: Windows 11, version 23H2; Windows 11, version 22H2; Windows 11, version 21H2; Windows 10, version 22H2; Windows 10, version 21H2.

Server: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008.

96% of Third-Party Cloud Container Apps Have Known Vulnerabilities
https://www.webpronews.com/96-of-third-party-cloud-container-apps-have-known-vulnerabilities/ | Mon, 04 Mar 2024 02:01:35 +0000

A whopping 96% of third-party cloud container apps have known vulnerabilities, highlighting ongoing cloud security challenges.

Cloud computing is often touted as more secure than traditional options. Unfortunately, this is only true if all parties involved make security a prime objective.

According to Palo Alto Networks’ Unit 42 team, some 96% of third-party container apps have known vulnerabilities. In addition, 63% of third-party code templates contain insecure configurations.

The news is especially concerning given the rise of supply chain attacks. Hackers are increasingly targeting widely used third-party software, services, containers and plugins. Successfully compromising a single vendor whose product is used by thousands of customers can have a far greater impact than compromising a single target.

Unit 42 highlights the danger of supply chain cloud attacks:

In most supply chain attacks, an attacker compromises a vendor and inserts malicious code in software used by customers. Cloud infrastructure can fall prey to a similar approach in which unvetted third-party code could introduce security flaws and give attackers access to sensitive data in the cloud environment. Additionally, unless organizations verify sources, third-party code can come from anyone, including an Advanced Persistent Threat (APT).

Organizations that want to stay secure must start making DevOps security a priority:

Teams continue to neglect DevOps security, due in part to lack of attention to supply chain threats. Cloud native applications have a long chain of dependencies, and those dependencies have dependencies of their own. DevOps and security teams need to gain visibility into the bill of materials in every cloud workload in order to evaluate risk at every stage of the dependency chain and establish guardrails.

Oracle CIO: Every Enterprise Has the Security it Deserves
https://www.webpronews.com/oracle-cio-security-2/ | Wed, 29 Nov 2023 14:25:45 +0000

“Every Enterprise has the security it deserves,” says Oracle Chief Information Officer Mark Sunday. “It begins at the very top. It truly begins with the board, CEO, and the Executive Committee to set the culture and to ensure that the people, process, technology, and the governance processes are in place to ensure the security of customers’, companies’, and employees’ information.”

Mark Sunday, CIO of Oracle, discussed the increasing need for enterprises to take a holistic, comprehensive, and automated approach towards information security in an interview with Michael Krigsman of CXOTALK:

Security is Increasingly a Big Part of the Discussion

It’s really been interesting to see the dramatic change in the awareness around security. Quite frankly, the threats have gotten much greater. Security is increasingly a big part of the discussion. If I look at the one area that my organization has increased year on year on year, it’s what we’re investing in security. We’re the norm in that. We’re not the exception. Then also the increased sophistication of the threats, the increased sophistication of the tooling, and so forth required, is putting more and more focus on this. It really becomes job one.

I think that boards have now become aware and that they are accountable to assure that the people, the processes, the technology, that all the steps that one needs to do in order to ensure the integrity, confidentiality, privacy, and security of not only a customer’s data, the company’s data, but in fact the employees’ data as well.

Security is Not Just the Role of the CIO

Security is getting its place at the table, whether it’s within the IT organizations, at the corporate level, or at the board level. Security has always been something that’s been out there, something that we’ve had to take into account, but more recently there have certainly been more high profile incidents that have highlighted just what the impact of security can have. But also it’s been highlighted that you need to have the focus that security is not just the role of the CIO, not just the role of the CISO, but it’s everyone’s responsibility.

It begins with making people aware of what they need to do, what the threats and the vulnerabilities are, and what their role is in defending against that. Security needs to be built into every line of code we write, every configuration we enable, and every computer whose configuration, assets, patching level and updates we manage. It affects essentially most roles within the organization.

Every Enterprise Has the Security it Deserves

Just given the scale, size, complexity, and the opportunity for human error, you really need to take a holistic, comprehensive, and automated approach towards how you deal with configuration management, change management, and vulnerability management. All of these are key aspects. It’s very difficult if it’s done, you know, manually. You have to look at a comprehensive program that allows you to simplify, standardize, centralize, and automate all the aspects of how you deal with those things that, you know, could expose your company to security and privacy concerns.

Every Enterprise has the security it deserves. It begins at the very top. It truly begins with the board, CEO, the Executive Committee, to set the culture and to ensure that the people, process, technology, and the governance processes are in place to ensure the security of customers’, companies’, and employees’ information.

Washington AG: T-Mobile Uncooperative in Security Probe
https://www.webpronews.com/washington-ag-t-mobile-uncooperative-in-security-probe/ | Fri, 16 Jun 2023 12:30:00 +0000

Washington State Attorney General Bob Ferguson says T-Mobile has been refusing to provide the documentation needed for a security probe.

T-Mobile suffered a massive data breach in 2021, one that impacted some 76 million Americans and led to a $350 million settlement. Law enforcement has been investigating the incident, but the Washington AG says the carrier has not been cooperating, according to GeekWire.

“Throughout this investigation, T-Mobile has either provided insufficient responses, or refused to respond outright, to the State’s Civil Investigative Demands (CIDs), all while continuing to suffer repeated data breaches,” alleges the AG’s office in the filing.

As the filing mentions, T-Mobile has continued to suffer breaches since the 2021 incident, including one disclosed in January 2023 and another in May 2023. To make matters worse, hackers claim to have accessed T-Mobile’s systems more than 100 times in 2022 alone.

Of the top three carriers in the US, T-Mobile easily has the worst security track record over the last couple of years. Withholding documents from law enforcement officials investigating one of these incidents is certainly not a good look for the magenta carrier.

US Has No National Cyber Director and the White House Is Silent About It
https://www.webpronews.com/us-has-no-national-cyber-director-and-the-white-house-is-silent-about-it/ | Wed, 14 Jun 2023 23:30:15 +0000

The US has yet to fill the role of National Cyber Director in the four months since Chris Inglis resigned, and it’s worrying some lawmakers.

According to Axios, Sen. Angus King (I-Maine) and Rep. Mike Gallagher (R-Wis.) sent a letter to President Biden questioning why Inglis’ replacement had not been selected, and urging the President to nominate acting director Kemba Walden.

Despite the letter, the White House has been noticeably silent on the issue.

“I’m really puzzled; I just don’t know what’s going on,” King told Axios. “This is an important job, and it’s an important moment and they have a highly qualified, able acting director.”

It’s unusual for such an important role to go unfilled, especially when there’s bipartisan support for an existing candidate. The silence is especially telling given how much emphasis the Biden administration has placed on cybersecurity.

Sen. King believes the silence may speak to internal pressure or objections that may be in play.

“The lack of an appointment itself indicates that there’s some reluctance, when there’s an obvious nominee waiting in the wing,” King said. “I’m not going to speculate on what the cause is, but all I’m going to say is that it’s a dangerous lapse, and it’s resolvable.”

Microsoft Details macOS Vulnerability That Could Bypass SIP
https://www.webpronews.com/microsoft-details-macos-vulnerability-that-could-bypass-sip/ | Tue, 13 Jun 2023 20:37:19 +0000

Microsoft has provided details on a new macOS vulnerability, one that could be used to bypass System Integrity Protection (SIP).

SIP is a key component in macOS security, ensuring the system cannot run unauthorized code or applications. According to Microsoft, a bug in the macOS migration process could be used to bypass SIP altogether.

The company outlined its findings in a blog post:

A new vulnerability, which we refer to as “Migraine” for its involvement with macOS migration, could allow an attacker with root access to automatically bypass System Integrity Protection (SIP) in macOS and perform arbitrary operations on a device.

Microsoft’s full blog post, which walks through the steps the researchers took to find and evaluate the vulnerability, is a lengthy read. The key takeaway is the set of potential ramifications of an SIP bypass:

  • A SIP exploit can be used to create undetectable malware.
  • SIP exploits provide a path “for attackers to gain arbitrary kernel code execution.”
  • SIP exploits can allow hackers to enable rootkits and bypass anti-tampering measures.
  • Such exploits can be used to bypass Transparency, Consent, and Control (TCC) policies.

Microsoft has already notified Apple, and a fix was included in the May 18, 2023 security update. Needless to say, all users should update immediately.

Cybersecurity Issues: The World’s Largest Data Breaches
https://www.webpronews.com/largest-data-breaches/ | Tue, 13 Jun 2023 13:58:05 +0000

Data breaches are surprisingly common, even in today’s age when cyber security seems to be at its best. In fact, in just the first ten months of 2022, over 15 million global data records were exposed, leaked, lost, or stolen worldwide. Countries across the globe have suffered from data breaches. China has lost over 350 million data records, Australia over 50 million, and the United Kingdom nearly 150 million. However, nearly two thirds of all global data loss has occurred in the United States, totaling almost 65% of all records lost.

States With the Most Data Breaches

On an individual state basis, California, Oregon, Maryland, Georgia, and Virginia have suffered the most losses. However, nearly every state across the U.S. has suffered losses in the millions, some even in the billions. In an attempt to tackle this problem, experts have identified the major causes of data loss in the United States. One reason is human error, as many companies or organizations suffer from employees that are prone to accidental deletion or misclicks, or simply have a lack of training. Another cause is malware. Phishing is far too common in the online space, as is spoofing and ransomware. The final main cause is unexpected events, such as hardware failure, software glitches, or external natural disasters.

Looking at Data Breaches on a Global Scale

Although countries around the globe, much like the United States, suffer from data loss, countries aren’t the only entities that are affected. In fact, 45% of retailers have reported an increased size, severity, and scope of cyber attacks against their data. In addition, between 2021 and 2022, over 5,000 global businesses experienced and confirmed data loss within their company. This is a widespread issue, as important industries like finance, healthcare, public administration, manufacturing, and transportation are all heavily affected by this crisis. Some examples of these data breaches are the finance incident in Ukraine or the transportation incident in Japan. In Ukraine in 2018, 100GB of data was exfiltrated from a loan services company. In 2022 in Japan, Toyota lost 300,000 customers’ emails to hackers.

Data loss is not a new concept to our global society, as we have destroyed or lost plenty of historical data over the years. Perhaps the most famous and devastating data breach in history was the burning of the Library of Alexandria, losing an estimated 571.4GB of data in one fell swoop. Other examples include, but are not limited to, the destruction of the Royal Library of Ashurbanipal or the loss of the Maya Religious Codices. 

Conclusion

It is clear that data loss remains both a global and historical certainty, regardless of whether that loss is physical or digital. There is no way of ensuring that data is never lost, leaked, or stolen, but it is beneficial to be prepared for the possibility of these tragedies. As the world becomes largely based online and the value of digital assets increases, the risk of these cybersecurity breaches also increases. Whether it is personal data or company data, cyber security affects us all, and is an important factor to consider when moving forward with data storing and sharing.

The World's Largest Data Breaches
Mullvad Browser Review: Does the Browser Deliver on Privacy?
https://www.webpronews.com/mullvad-browser-review-does-the-browser-deliver-on-privacy/ | Mon, 22 May 2023 17:27:41 +0000

Mullvad Browser was released in early April, the latest entry in the web browser market, and one focused on protecting the privacy and security of its users.

Mullvad is well known for its VPN service, being one of the few VPNs worth the money and the one WPN consistently recommends. The company has a long record of transparency, passing third-party audits, and generally providing exactly the security and privacy it promises.

The company has built on that success with its very own web browser, developed in partnership with the Tor Project, to help people take their online security and privacy to the next level. The company explained the thinking behind the partnership:

The Tor Network offers great protection for privacy and the Tor Browser is, in our view, the best privacy-focused browser you can choose. The problem is, for those who prefer to run a VPN instead of the Tor Network, there hasn’t been a good browser alternative. Until now.

When we reached out to the Tor Project, our goal was to give VPN users the browser quality of the Tor Browser – paired with the benefits of using a VPN. And all to give people more alternatives for privacy. So, here we are. The result: a Tor-developed browser produced to minimize fingerprinting and tracking. Without using The Tor Network. To free the internet from big data gathering.

So what is Mullvad, and how does it stack up to the competition?

What Is Mullvad?

At its core, Mullvad Browser is a heavily modified version of Firefox. This is a good thing for a couple of reasons:

  1. Basing Mullvad Browser on Firefox is good for the internet. With the rise of Chrome and browsers based on Chrome’s engine, there is a real threat of the web becoming another duopoly, with web browsers split between Chrome-based and Apple Safari-based. Building Mullvad Browser on Firefox is a small step toward supporting web browser diversity.
  2. Although it’s not nearly as popular as it once was, Firefox is still popular enough that most people are familiar with its settings, making it easy to dive into Mullvad Browser.
  3. Given the sheer number of Chrome vulnerabilities, basing Mullvad Browser on Firefox is a wise choice, especially for an application specifically designed for security and privacy.

How Does It Work?

Advertising and data mining companies try to build a profile of an internet user based on numerous categories, including their device hardware, operating system, web browser, and more. This process is known as “fingerprinting.”

To protect user privacy, a web browser must help thwart the fingerprinting process. The Electronic Frontier Foundation (EFF) explains that this can be done in two different ways, either with a fingerprint that is:

  • so common that a tracker can’t tell you apart from the crowd (as in Tor Browser), or
  • randomized so that a tracker can’t tell it’s you from one moment to the next (as in Brave browser).

Needless to say, given the partnership with the Tor Project, Mullvad Browser uses the first option. Based on the EFF’s test results, the browser does quite well at offering the level of protection it promises.

Mullvad Browser EFF Privacy Score

Mullvad Browser has Private Browsing enabled by default. That means that no data is saved from one session to the next. While this can be inconvenient since it means you will be logged out of any sites you logged into the previous session, it also means that trackers won’t be able to learn anything from you based on saved cookies.

While Firefox may not send a lot of telemetry back to Mozilla, it does still send some information designed to help Mozilla improve Firefox’s performance. Mullvad disables all telemetry by default.

Mullvad Browser Security Settings

Mullvad Browser also includes the excellent uBlock Origin extension to help block ads and trackers.

Using the browser with a VPN completes the security and privacy protection, although users do not have to use Mullvad’s VPN. The browser is designed to work with any VPN.

Mullvad explains the difference between using Mullvad Browser with a VPN and using the Tor Browser:

The short explanation: if you use the Mullvad Browser, you are using a Tor-developed browser without using the Tor Network. Instead, the Mullvad Browser is intended to run with a VPN. That’s the main difference. Sure, there are a few calibration differences between the two browsers – but the differences are there for only that reason; to handle the browsers’ different ways of connecting to the internet.

Should You Use Mullvad Browser?

For anyone interested in protecting their online privacy and security, Mullvad Browser should be an important tool in their repertoire.

Could you duplicate Mullvad Browser’s features in other browsers? For the most part, yes. But Mullvad has done all the work for you, delivering a solid application that lives up to what it promises…much like their VPN.

Will most individuals use the browser as their primary? Probably not. For many users, remaining logged into their favorite sites is probably too much of a convenience to use Mullvad Browser — or any browser in private mode — full-time.

Nonetheless, when doing anything online when privacy is paramount, Mullvad Browser is hard to beat. It offers near Tor-like privacy and anonymity in a convenient, easy-to-use application that virtually anyone will be comfortable with.

Availability

Mullvad Browser is available on Linux, Windows, and macOS. The Linux version can be downloaded via the Mullvad website or installed via Flatpak.

Rating

Anyone concerned with online privacy and security should download and install Mullvad Browser immediately.

5 out of 5 stars

Microsoft Is Scanning the Contents of Password-Protected Zip Archives
https://www.webpronews.com/microsoft-is-scanning-the-contents-of-password-protected-zip-archives/ | Tue, 16 May 2023 15:53:03 +0000

Microsoft is scanning password-protected and encrypted zip archives for malware, according to reports from security researchers.

Andrew Brandt, Principal Researcher at SophosLabs, took to Mastodon to report the issue:

Well, apparently #microsoft #Sharepoint now has the ability to scan inside of password-protected zip archives.

How do I know? Because I have a lot of Zips (encrypted with a password) that contain malware, and my typical method of sharing those is to upload those passworded Zips into a Sharepoint directory.

This morning, I discovered that a couple of password-protected Zips are flagged as “Malware detected” which limits what I can do with those files – they are basically dead space now.

As Brandt points out, the practice has major repercussions for security researchers and malware analysts’ ability to share the files their work depends on:

While I totally understand doing this for anyone other than a malware analyst, this kind of nosy, get-inside-your-business way of handling this is going to become a big problem for people like me who need to send their colleagues malware samples. The available space to do this just keeps shrinking and it will impact the ability of malware researchers to do their jobs.

Hopefully, Microsoft will adjust their policy to allow exceptions for security researchers.

In the meantime, the news should serve as a caution to users who rely on password protection to keep their files private and secure on Microsoft’s cloud platform.

Microsoft’s May 2023 Patch Tuesday Fixes 38 Vulnerabilities
https://www.webpronews.com/microsofts-may-2023-patch-tuesday-fixes-38-vulnerabilities/ | Wed, 10 May 2023 15:46:40 +0000

Microsoft has fixed a total of 38 vulnerabilities with its May 2023 Patch Tuesday, including one zero-day and eight likely to be exploited.

According to Hacker News, six of the vulnerabilities are rated Critical and 32 are Important. The most important is CVE-2023-29336, which is being actively exploited in the wild, although how widely is still unknown. Microsoft’s advisory describes the impact:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

All users should update immediately to protect their systems.

City of Dallas Crippled by Ransomware Attack
https://www.webpronews.com/city-of-dallas-crippled-by-ransomware-attack/ | Fri, 05 May 2023 12:30:00 +0000

The City of Dallas has confirmed it has suffered a ransomware attack, one that has taken out critical services.

Dallas issued a media advisory detailing the attack, as well as the impacted services:

Wednesday morning, the City’s security monitoring tools notified our Security Operations Center (SOC) that a likely ransomware attack had been launched within our environment. Subsequently, the City has confirmed that a number of servers have been compromised with ransomware, impacting several functional areas, including the Dallas Police Department Website. The City team, along with its vendors, are actively working to isolate the ransomware to prevent its spread, to remove the ransomware from infected servers, and to restore any services currently impacted. The Mayor and City Council were notified of the incident pursuant to the City’s Incident Response Plan (IRP). The City is currently working to assess the complete impact, but at this time, the impact on the delivery of City services to its residents is limited. Should a resident experience a problem with a particular City service, they should contact 311. For emergencies, they should contact 911.

Ransomware gangs have increasingly been targeting cities, hospitals, and local governments, with many of them providing softer targets than multi-billion dollar corporations and major government agencies.

Google Obtains US Court Order Against Cryptbot
https://www.webpronews.com/google-obtains-us-court-order-against-cryptbot/ | Fri, 28 Apr 2023 21:41:23 +0000

Google obtained a temporary court order from the US to disrupt the distribution of Cryptbot, a Windows-based malware responsible for infecting and stealing information from over 670,000 computers in 2022.

The malware was first discovered in December 2019 by Bleeping Computer, nested inside modified Inter VPN Pro software on a false website.

In a press release, Google’s Mike Trinh and Pierre-Marc Bureau stated:

“Last year, we shared details about our success in holding operators of the Glupteba botnet responsible for their targeting of online users. We noted that our work was not done and that we would continue raising awareness around issues and working to disrupt groups looking to take advantage of users. Today, we’re sharing another milestone in that work.”

The court order, granted by a federal judge in the Southern District of New York, gives Google the authority to “take down current and future domains that are tied to the distribution of Cryptbot.”

Google finds itself an unwitting accomplice to the spread, as CryptBot uses unofficially modified versions of Google Earth Pro and Google Chrome hosted on phishing websites. CryptBot has pillaged authentication credentials, social media account login info, and cryptocurrency wallets from Google Chrome.

To combat the threat, Trinh and Bureau provided basic but evergreen pointers when considering any software download:

Download from well-known and trusted sources: Only download software from the official website or app store and take Chrome Safe Browsing warnings seriously.

Read reviews and do your research: Before downloading any software, do research on the product, and read reviews from others who have already downloaded and used the software.

Keep your operating system and software up-to-date: Make sure to regularly update your device’s operating system and software to the latest version. Updates often include security patches and bug fixes that can help protect from threats.

These actions come shortly after Google’s December 2021 legal efforts to shut down the command-and-control infrastructure associated with a botnet called Glupteba. However, the malware resurfaced a mere six months later, with Nozomi Networks reporting “a tenfold increase in TOR hidden service being used as C2 servers since the 2021 campaign.”

Time will tell whether Google’s efforts to halt CryptBot’s spread yield lasting results or whether the malware proves to be another Hydra, multiplying with each strike.

Microsoft Expanding Efforts to Bring Women Into Cybersecurity
https://www.webpronews.com/microsoft-expanding-efforts-to-bring-women-into-cybersecurity/ | Mon, 24 Apr 2023 15:28:01 +0000

Microsoft is expanding its efforts to bring more women into the cybersecurity field with its Cybersecurity Skills Initiative.

Cybersecurity is one of the fastest-growing segments of the IT industry, but supply is struggling to meet demand.

“The past few years have seen cybercriminals target the media, businesses, and governments, and the volume is staggering,” writes Kate Behncken – Corporate Vice President, Microsoft Philanthropies. “As we cited in our Digital Defense Report last year, the volume of password attacks has risen to an estimated 921 attacks every second – a 74% increase in just one year. Cyberattacks often have devastating impacts – the average cost of a cyber breach has reached $4.35 million.

“At the same time, we are facing a global cybersecurity skills crisis. Demand for cybersecurity skills has grown by an average of 35% over the past year. And in some countries, like Brazil, demand has grown as much as 76%. We simply don’t have enough people with the skills to defend against cybersecurity attacks, putting people, businesses, and governments around the world at risk.”

To help meet the ever-growing need, the company is expanding its program to additional countries, with a focus on training underrepresented groups. Like much of the tech industry, cybersecurity traditionally has a much smaller percentage of women than other fields.

“In addition to expanding the skilling program to more countries, we are also focusing on helping historically underrepresented populations enter the cybersecurity workforce,” continues Behncken. “Specifically, the opportunity for women to work in cybersecurity is huge. Today, women make up only 25% of the global cybersecurity workforce so it’s more important than ever to encourage and empower women to pursue these careers.”

Behncken goes on to highlight several specific initiatives:

  • WOMCY, a nonprofit focused on cybersecurity opportunities for women in Latin America
  • Women4Cyber, a foundation aimed at increasing women’s role in cybersecurity in Europe
  • The International Telecommunications Union – a UN agency – supporting their Women in Cyber Mentorship Program with a special focus on Africa, Asia, and the Middle East
  • WiCyS, a global community of women, allies, and advocates dedicated to recruiting, training, and advancing women in cybersecurity
  • The company is also working with organizations in Poland, such as the Kosciuszko Institute, to help train women — including Ukrainian refugees — in cybersecurity.
WhatsApp, Signal, and Others Pen Objection to UK Online Bill
https://www.webpronews.com/whatsapp-signal-uk-bill/ | Tue, 18 Apr 2023 14:59:29 +0000

WhatsApp, Signal, and other encrypted messaging services are voicing their concern about a UK bill that “could break end-to-end encryption.”

End-to-end encryption (E2EE) is a fundamental feature of many communication platforms, ensuring that only the intended participants can read and access a conversation. The UK government has expressed its support for strong encryption, but its Online Safety Bill stands at odds with that position, threatening to eliminate E2EE.

In response, the leading names in online messaging have penned an open letter objecting to the bill:

To anyone who cares about safety and privacy on the internet.

As end-to-end-encrypted communication services, we urge the UK Government to address the risks that the Online Safety Bill poses to everyone’s privacy and safety. It is not too late to ensure that the Bill aligns with the Government’s stated intention to protect end-to-end encryption and respect the human right to privacy.

The companies then go on to highlight the stakes, as well as the threat the current bill poses:

Around the world, businesses, individuals and governments face persistent threats from online fraud, scams and data theft. Malicious actors and hostile states routinely challenge the security of our critical infrastructure. End-to-end encryption is one of the strongest possible defenses against these threats, and as vital institutions become ever more dependent on internet technologies to conduct core operations, the stakes have never been higher.

As currently drafted, the Bill could break end-to-end encryption, opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians themselves, which would fundamentally undermine everyone’s ability to communicate securely.

The Bill provides no explicit protection for encryption, and if implemented as written, could empower OFCOM to try to force the proactive scanning of private messages on end-to-end encrypted communication services – nullifying the purpose of end-to-end encryption as a result and compromising the privacy of all users.

In short, the Bill poses an unprecedented threat to the privacy, safety and security of every UK citizen and the people with whom they communicate around the world, while emboldening hostile governments who may seek to draft copy-cat laws.

The letter then tackles the claims that strong encryption can co-exist with surveillance, pointing to third-party criticism of the UK bill:

Proponents say that they appreciate the importance of encryption and privacy while also claiming that it’s possible to surveil everyone’s messages without undermining end-to-end encryption. The truth is that this is not possible.

We aren’t the only ones who share concerns about the UK Bill. The United Nations has warned that the UK Government’s efforts to impose backdoor requirements constitute “a paradigm shift that raises a host of serious problems with potentially dire consequences.”

Even the UK Government itself has acknowledged the privacy risks that the text of the Bill poses, but has said its “intention” isn’t for the Bill to be interpreted this way.

The UK’s Online Safety Bill is simply the latest attempt by lawmakers and regulators to have the best of both worlds. As the letter states, it is a mathematical impossibility for encryption to be strong and at the same time allow surveillance, regardless of how admirable the reasons for that surveillance may be.

Ultimately, weakening encryption for any reason weakens it for all and will have profound repercussions for online security.

Macs Are Vulnerable to LockBit’s Ransomware https://www.webpronews.com/macs-are-vulnerable-to-lockbits-ransomware/ Mon, 17 Apr 2023 00:25:06 +0000 https://www.webpronews.com/?p=523040

Apple’s macOS has long enjoyed relative immunity from most malware and ransomware, but that appears to be changing.

According to MalwareHunterTeam, the LockBit ransomware gang appears to be specifically targeting macOS in its latest malware — a first for the ransomware gang.

Apple devices were once virtually immune to malware, but as the platform has gained in popularity, bad actors have increasingly been targeting macOS. Users do well to follow standard good practices: not downloading software from untrusted sources, not opening suspicious email attachments, and not using pirated software.

Google’s Assured Open Source Software Is Now Available for Free https://www.webpronews.com/googles-assured-open-source-software-is-now-available-for-free/ Thu, 13 Apr 2023 16:05:53 +0000 https://www.webpronews.com/?p=522999

Google announced the general availability of its Assured Open Source Software, a service designed to help protect open source supply chains.

Open source software use has risen dramatically in recent years, making it a prime target for bad actors. Supply chains are particularly appealing, since injecting malicious code in a popular library or API can potentially infect thousands of targets.

Google has been working to improve open source supply chain security with its Assured OSS service.

“Building on Google’s efforts to improve OSS security, we are announcing the general availability of the Assured Open Source Software (Assured OSS) service for Java and Python ecosystems,” writes Andy Chang, Group Product Manager, Security & Privacy. “Available today at no cost, Assured OSS gives any organization that uses open source software the opportunity to leverage the security and experience Google applies to open source dependencies by incorporating the same OSS packages that Google secures and uses into their own developer workflows.”

Developers and companies can get started with Google’s onboarding form.

OpenAI Launches Bug Bounty Program https://www.webpronews.com/openai-launches-bug-bounty-program/ Wed, 12 Apr 2023 11:30:00 +0000 https://www.webpronews.com/?p=522972

OpenAI has launched a bug bounty program, paying cash rewards to researchers who discover and report bugs.

Bug bounties are a popular way for companies to find and fix bugs, relying on researchers to help in exchange for payouts. Given the increasing popularity of OpenAI’s ChatGPT, it’s not surprising the company has unveiled a bounty program.

The company announced the program in a blog post:

OpenAI’s mission is to create artificial intelligence systems that benefit everyone. To that end, we invest heavily in research and engineering to ensure our AI systems are safe and secure. However, as with any complex technology, we understand that vulnerabilities and flaws can emerge.

We believe that transparency and collaboration are crucial to addressing this reality. That’s why we are inviting the global community of security researchers, ethical hackers, and technology enthusiasts to help us identify and address vulnerabilities in our systems. We are excited to build on our coordinated disclosure commitments by offering incentives for qualifying vulnerability information. Your expertise and vigilance will have a direct impact on keeping our systems and users secure.

OpenAI says payouts will range from $200 to $20,000:

To incentivize testing and as a token of our appreciation, we will be offering cash rewards based on the severity and impact of the reported issues. Our rewards range from $200 for low-severity findings to up to $20,000 for exceptional discoveries. We recognize the importance of your contributions and are committed to acknowledging your efforts.

OpenAI’s announcement is good news for security researchers, many of whom rely on such programs for a substantial part of their income.

Microsoft Brings Collaborative Security to Teams https://www.webpronews.com/microsoft-brings-collaborative-security-to-teams/ Fri, 31 Mar 2023 16:49:41 +0000 https://www.webpronews.com/?p=522755

Microsoft is beefing up Teams’ security features as the platform is increasingly used to share sensitive information.

According to the company, some 71% of organizations admit to sharing sensitive information across communication platforms like Teams. As a result, these platforms represent a new risk for information being leaked, hacked, or stolen, prompting Microsoft to add a number of new security features.

One such feature allows users to report a suspicious link so security teams can take the appropriate measures:

Now we are taking message protection to the next level by giving users the ability to report suspicious messages directly in Teams – similar to what they do today in Microsoft Outlook to report suspicious emails. The security team will be alerted whenever users report suspicious messages and can view them in the Microsoft 365 Defender portal.

Going forward, all user submissions will also be compiled into an auto-generated investigation for suspicious URL clicks, giving SOC teams an even more efficient experience to review these suspicious messages and respond faster.

Microsoft is also adding the ability for Teams to auto-detect malicious messages:

For a faster response and automatic action, we are bringing zero-hour auto purge (ZAP) to Microsoft Teams, which protects end-users by analyzing messages post-delivery and automatically quarantines messages that contain malicious content to stop the actor from compromising the account. The power of this capability lies in the holistic approach – once a malicious message is identified, the entire Teams environment will be scanned for that same indicator of compromise and quarantine relevant messages at scale for more effective protection.

While the default configuration for ZAP is to move all malicious messages into quarantine, where SOC teams can analyze them further and decide on next steps, the policy can be easily tailored to suit an organization’s preferred action and workflows.

The company is also adding a number of features to help SecOps analyze data and better identify areas where security needs to be improved.

Overall, these new features are necessary and welcome additions to Teams and should go a long way toward helping companies protect sensitive information.

Microsoft Is Working on Comprehensive SaaS Security https://www.webpronews.com/microsoft-is-working-on-comprehensive-saas-security/ Fri, 17 Feb 2023 18:45:12 +0000 https://www.webpronews.com/?p=521841

Microsoft is working to improve SaaS security, shifting “to a comprehensive SaaS security solution.”

Software as a service is an increasingly important part of the remote and hybrid workplace, and is only growing in popularity. Unfortunately, properly securing SaaS applications can be a logistical nightmare. In fact, citing research from BetterCloud, Microsoft points to the 59% of security professionals who struggle to manage SaaS security.

Microsoft believes the key lies in protecting data within cloud apps, rather than just focusing on cloud access security. The company has expanded the scope of its Defender for Cloud Apps to help provide that layer of security.

Today, we are excited to announce that Defender for Cloud Apps is extending its SSPM capabilities to some of the most critical apps organizations use today, including Microsoft 365, Salesforce, ServiceNow, Okta, GitHub, and more.

Another important component of Defender for Cloud Apps is the ability to help personnel research configuration best practices for SaaS app security.

To streamline this process, Defender for Cloud Apps launched SSPM in June 2022 to surface misconfigurations and provide recommendations to strengthen an app’s posture.

In preview starting today, Defender for Cloud Apps now provides security posture management for Microsoft 365, Salesforce, ServiceNow, Okta, GitHub, and more. Not only are we expanding the breadth of app coverage but also the depth of assessments and capabilities for each application.

The tight integration within Microsoft 365 Defender will give organizations security across the full scope of their operations.

That’s why Defender for Cloud Apps is natively integrated into Microsoft 365 Defender. The XDR technology correlates signals from the Microsoft Defender suite across endpoints, identities, email, and SaaS apps to provide incident-level detection, investigation, and powerful response capabilities like automatic attack disruption. The integration of SaaS security into an XDR experience gives SOC teams full kill chain visibility and improves operational efficiency with better prioritization and shorter response times to ultimately protect the organization more effectively.

Google Sides With US in Holding Companies Responsible for Cybersecurity https://www.webpronews.com/google-sides-with-us-in-holding-companies-responsible-for-cybersecurity/ Tue, 14 Feb 2023 02:13:45 +0000 https://www.webpronews.com/?p=521731

Google and the US government may be at odds about many things, but the two are in agreement on one big one: who should be responsible for cyberattacks.

In a blog post by Kent Walker, President, Global Affairs & Chief Legal Officer, and Royal Hansen, VP of Engineering for Privacy, Safety, and Security, the executives make the case that companies should be responsible for improving cybersecurity:

“Should companies be responsible for cyberattacks? The U.S. government thinks so – and frankly, we agree.”

The two execs then quote Jen Easterly and Eric Goldstein of the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security:

“The incentives for developing and selling technology have eclipsed customer safety in importance. […] Americans…have unwittingly come to accept that it is normal for new software and devices to be indefensible by design. They accept products that are released to market with dozens, hundreds, or even thousands of defects. They accept that the cybersecurity burden falls disproportionately on consumers and small organizations, which are often least aware of the threat and least capable of protecting themselves.”

Walker and Hansen go on to lament that cyber threats are growing, taking advantage of “insecure software, indefensible architectures, and inadequate security investment.” The solution is a complete rethinking of how software is designed and deployed.

“The bottom line: People deserve products that are secure by default and systems that are built to withstand the growing onslaught from attackers,” the executives write. “Safety should be fundamental: built-in, enabled out of the box, and not added on as an afterthought. In other words, we need secure products, not security products. That’s why Google has worked to build security in – often making it invisible – to our users. Many of our most significant security features, including innovations like SafeBrowsing, do their best work behind the scenes for our core consumer products.”

The executives emphasize the importance of security being smooth and streamlined, not the cumbersome experience that often exists today, and that results in customers choosing insecurity over inconvenience. Walker and Hansen also recognize there is no silver bullet but that significant steps can and should be taken to greatly improve the status quo.

“Of course, raising the security baseline won’t stop all bad actors, and software will likely always have flaws – but we can start by covering the basics, fixing the most egregious security risks, and coming up with new approaches that eliminate entire classes of threats,” they add. “Google has made investments in the past two decades, but contributing resources is just a piece of the puzzle. It’s work for all of us, but it’s the responsible thing to do: The safety and security of our increasingly digitized world depends on it.”
